CVE-2021-22190
HIGH
GitLab 13.7.0-13.7.8 - Path Traversal via GitLab Workhorse
Title source: llm
Description
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/300281
Permissions Required x_refsource_misc
https://hackerone.com/reports/1040786
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json
Scores
CVSS v3
8.5
EPSS
0.0034
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
gitlab/gitlab
13.7.0 - 13.7.8 (2 CPE variants)
Published
Apr 12, 2021
Tracked Since
Feb 18, 2026